Document Comparison
AOC_SAQ_D_ServiceProvider_v3-1_rev1-1.pdf
→
AOC-SAQ_D_ServiceProvider-v3_2.pdf
93% similar
10 → 11
Pages
2140 → 2253
Words
9
Content Changes
Content Changes
9 content changes. 8 administrative changes (dates, page numbers) hidden.
Added
p. 9
Section 3: Validation and Attestation Details Part 3. PCI DSS Validation This AOC is based on results noted in SAQ D (Section 2), dated (SAQ completion date).
Modified
p. 1
Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Self-Assessment Questionnaire D
• Service Providers For use with PCI DSS Version3.1 Revision 1.1
• Service Providers For use with PCI DSS Version
Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Self-Assessment Questionnaire D
• Service Providers For use with PCI DSS Version 3.2
• Service Providers For use with PCI DSS Version 3.2
Removed
p. 2
ISA Name(s) (if applicable): Title:
Modified
p. 5
Does your business use network segmentation to affect the scope of your PCI DSS environment? (Refer to “Network Segmentation” section of PCI DSS for guidance on network segmentation) Part 2f. Third-Party Service Providers Does your company have a relationship with one or more third-party service providers (for example, gateways, payment processors, payment service providers (PSP), web-hosting companies, airline booking agents, loyalty program agents, etc.) for the purpose of the services being validated? Type of service provider: Description of services provided:
Does your business use network segmentation to affect the scope of your PCI DSS environment? (Refer to “Network Segmentation” section of PCI DSS for guidance on network segmentation) Part 2f. Third-Party Service Providers Does your company have a relationship with a Qualified Integrator Reseller (QIR) for the purpose of the services being validated? Description of services provided by QIR:
Modified
p. 8 → 9
Based on the results documented in the SAQ D noted above, the signatories identified in Parts 3b-3d, as applicable, assert(s) the following compliance status for the entity identified in Part 2 of this document: (check one):
Removed
p. 9
Signature of ISA Date:
Modified
p. 9 → 10
Part 3c. QSA Acknowledgement (if applicable) If a QSA was involved or assisted with this assessment, describe the role performed:
Part 3c. Qualified Security Assessor (QSA) Acknowledgement (if applicable) If a QSA was involved or assisted with this assessment, describe the role performed:
Modified
p. 9 → 10
Part 3d. ISA Acknowledgement (if applicable) If a ISA was involved or assisted with this assessment, describe the role performed:
Part 3d. Internal Security Assessor (ISA) Involvement (if applicable) If an ISA(s) was involved or assisted with this assessment, identify the ISA personnel and describe the role performed:
Modified
p. 10 → 11
PCI DSS Requirement Description of Requirement Compliant to PCI DSS Requirements (Select One) Remediation Date and Actions (If “NO” selected for any Requirement) YES NO Install and maintain a firewall configuration to protect cardholder data Do not use vendor-supplied defaults for system passwords and other security parameters 3 Protect stored cardholder data 4 Encrypt transmission of cardholder data across open, public networks Protect all systems against malware and regularly update anti- virus software or programs 6 Develop and maintain secure …
PCI DSS Requirement Description of Requirement Compliant to PCI DSS Requirements (Select One) Remediation Date and Actions (If “NO” selected for any Requirement) YES NO 1 Install and maintain a firewall configuration to protect cardholder data Do not use vendor-supplied defaults for system passwords and other security parameters 3 Protect stored cardholder data 4 Encrypt transmission of cardholder data across open, public networks Protect all systems against malware and regularly update anti-virus software or programs 6 Develop and maintain secure …